General
-
Target
123ea084efadcb985bbcebfe0613c0785db3012d16b9765a8a6c3bcebfa3cc2e
-
Size
1.1MB
-
Sample
240711-12p3xswepm
-
MD5
683b6ac246fb6811d31c932ff464aac2
-
SHA1
99817595612d589a9d3061ea0cf7b95a93975514
-
SHA256
123ea084efadcb985bbcebfe0613c0785db3012d16b9765a8a6c3bcebfa3cc2e
-
SHA512
2f1ada85795b5394b19045730810da20bf3c70bba20d6e6a216e705480ef8ef4e666ad34684f61a7baa430c4c8ae3f4dd1cf10ef6930aec99aba7d6a7c66fe59
-
SSDEEP
24576:tX4RHZCwHID6sMoVXZ5bFkNL/6fF2XQpI:YCPmo1ZvkR6F2XEI
Static task
static1
Behavioral task
behavioral1
Sample
123ea084efadcb985bbcebfe0613c0785db3012d16b9765a8a6c3bcebfa3cc2e.exe
Resource
win7-20240704-en
Malware Config
Extracted
lumma
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Targets
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-